darkcomet | ad469345f26ad5850bce8cca103d2ae8ef90c0da50b2f9e6696e914d1745646c | Triage

Submit
Reports

Overview

overview

Static

static

3

17bf1dab80...18.exe

windows7-x64

17bf1dab80...18.exe

windows10-2004-x64

Sharing

General

Target

17bf1dab80dbd72e6deb76b0a7e854f3_JaffaCakes118
Size

336KB
Sample

240627-2ah1zaxapk
MD5

17bf1dab80dbd72e6deb76b0a7e854f3
SHA1

88357e8a37c05b139739f5d35d7afa19724ee8e0
SHA256

ad469345f26ad5850bce8cca103d2ae8ef90c0da50b2f9e6696e914d1745646c
SHA512

32bda4c1f6745817e44cea12b4e5569467f399769bfa7742f00ab8671a6b1cf7dd843c8ca9c3bc0e376bfcf3e4e58cd6fbc1fa4f3de254067acb075a83bedc99
SSDEEP

6144:v/abvDPPofih8jWlwDJ6YIighbtPYJPzXix80G6QNEfyBFmjBYlc+eJUQvA23ss:Xn8hXx80GTayBuBYlc+IUr233

Score

10^/10

darkcomet persistence rat trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

17bf1dab80dbd72e6deb76b0a7e854f3_JaffaCakes118.exe

Resource

win7-20240611-en

darkcomet persistence rat trojan upx

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

17bf1dab80dbd72e6deb76b0a7e854f3_JaffaCakes118.exe

Resource

win10v2004-20240611-en

darkcomet persistence rat trojan upx

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  17bf1dab80dbd72e6deb76b0a7e854f3_JaffaCakes118
- Size
  
  336KB
- MD5
  
  17bf1dab80dbd72e6deb76b0a7e854f3
- SHA1
  
  88357e8a37c05b139739f5d35d7afa19724ee8e0
- SHA256
  
  ad469345f26ad5850bce8cca103d2ae8ef90c0da50b2f9e6696e914d1745646c
- SHA512
  
  32bda4c1f6745817e44cea12b4e5569467f399769bfa7742f00ab8671a6b1cf7dd843c8ca9c3bc0e376bfcf3e4e58cd6fbc1fa4f3de254067acb075a83bedc99
- SSDEEP
  
  6144:v/abvDPPofih8jWlwDJ6YIighbtPYJPzXix80G6QNEfyBFmjBYlc+eJUQvA23ss:Xn8hXx80GTayBuBYlc+IUr233
Score

10^/10

darkcomet persistence rat trojan upx
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Adds policy Run key to start application
  persistence
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

darkcometpersistencerattrojanupx

behavioral2

darkcometpersistencerattrojanupx

© 2018-2024

Terms | Privacy